CVSS: 5.4EPSS: 0%CPEs: 18EXPL: 0CVE-2019-4429
https://notcve.org/view.php?id=CVE-2019-4429
19 Feb 2020 — IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162886. IBM Maximo Asset Management versiones 7.6.0 y 7.6.1, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a un usuario insertar código JavaScript arbitrario en la Interfaz de Usuar... • https://exchange.xforce.ibmcloud.com/vulnerabilities/162886 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 40EXPL: 0CVE-2013-3323
https://notcve.org/view.php?id=CVE-2013-3323
18 Feb 2020 — A Privilege Escalation Vulnerability exists in IBM Maximo Asset Management 7.5, 7.1, and 6.2, when WebSeal with Basic Authentication is used, due to a failure to invalidate the authentication session, which could let a malicious user obtain unauthorized access. Se presenta una vulnerabilidad de escalada de privilegios en IBM Maximo Asset Management versiones 7.5, 7.1 y 6.2, cuando WebSeal con Autenticación Básica es usado, debido a un fallo al invalidar la sesión de autenticación, lo que podría permitir a u... • http://www.securityfocus.com/bid/62685 • CWE-269: Improper Privilege Management •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2019-4530
https://notcve.org/view.php?id=CVE-2019-4530
20 Nov 2019 — IBM Maximo Asset Management 7.6, 7.6.1, and 7.6.1.1 could allow an authenticated user to delete a record that they should not normally be able to. IBM X-Force ID: 165586. IBM Maximo Asset Management versiones 7.6, 7.6.1 y 7.6.1.1, podría permitir a un usuario autenticado eliminar un registro que normalmente no debería ser capaz de hacerlo. ID de IBM X-Force: 165586. • https://exchange.xforce.ibmcloud.com/vulnerabilities/165586 •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-4546
https://notcve.org/view.php?id=CVE-2019-4546
28 Oct 2019 — After installing the IBM Maximo Health- Safety and Environment Manager 7.6.1, a user is granted additional privileges that they are not normally allowed to access. IBM X-Force ID: 165948. Después de instalar IBM Maximo Health- Safety and Environment Manager versión 7.6.1, a un usuario se le otorgan privilegios adicionales a los que normalmente no se les permite acceder. ID de IBM X-Force: 165948. • https://exchange.xforce.ibmcloud.com/vulnerabilities/165948 • CWE-269: Improper Privilege Management •
CVSS: 5.4EPSS: 0%CPEs: 20EXPL: 0CVE-2019-4486
https://notcve.org/view.php?id=CVE-2019-4486
24 Oct 2019 — IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 164070. IBM Maximo Asset Management versión 7.6, es vulnerable a un problema de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, alterando así la... • https://exchange.xforce.ibmcloud.com/vulnerabilities/164070 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 2.4EPSS: 0%CPEs: 4EXPL: 0CVE-2019-4265
https://notcve.org/view.php?id=CVE-2019-4265
10 Oct 2019 — IBM Maximo Anywhere 7.6.0, 7.6.1, 7.6.2, and 7.6.3 does not have device root detection which could result in an attacker gaining sensitive information about the device. IBM X-Force ID: 160198. IBM Maximo Anywhere versiones 7.6.0, 7.6.1, 7.6.2 y 7.6.3, no posee detección root del dispositivo, lo que podría resultar en que un atacante consiga información confidencial sobre el dispositivo. ID de IBM X-Force: 160198. • https://exchange.xforce.ibmcloud.com/vulnerabilities/160198 • CWE-922: Insecure Storage of Sensitive Information •
CVSS: 4.3EPSS: 0%CPEs: 20EXPL: 0CVE-2019-4512
https://notcve.org/view.php?id=CVE-2019-4512
09 Oct 2019 — IBM Maximo Asset Management 7.6.1.1 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164554. IBM Maximo Asset Management versión 7.6.1.1, genera un mensaje de error que incluye información confidencial que podría ser usada en futuros ataques contra el sistema. ID de IBM X-Force: 164554. • https://exchange.xforce.ibmcloud.com/vulnerabilities/164554 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-4430
https://notcve.org/view.php?id=CVE-2019-4430
17 Jul 2019 — IBM Maximo Asset Management 7.6 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 162887. IBM Maximo Asset Management versión 7.6 podría permitir que un atacante remoto salte directorios en el sistema. Un atacante podría enviar una petición URL especialmente diseñada que contenga secuencias "punto punto" (/../) para visualizar archivos arbitra... • https://exchange.xforce.ibmcloud.com/vulnerabilities/162887 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.5EPSS: 0%CPEs: 20EXPL: 0CVE-2019-4364
https://notcve.org/view.php?id=CVE-2019-4364
19 Jun 2019 — IBM Maximo Asset Management 7.6 is vulnerable to CSV injection, which could allow a remote authenticated attacker to execute arbirary commands on the system. IBM X-Force ID: 161680. IBM Maximo Asset Management versión 7.6 es vulnerable a la inyección de CSV, lo que podría permitir que un atacante remoto autenticado ejecute comandos arbitrarios en el sistema. ID de IBM X-Force: 161680. • http://www.securityfocus.com/bid/108910 • CWE-1236: Improper Neutralization of Formula Elements in a CSV File •
CVSS: 5.4EPSS: 0%CPEs: 20EXPL: 0CVE-2019-4303
https://notcve.org/view.php?id=CVE-2019-4303
19 Jun 2019 — IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 160949. IBM Maximo Asset Management versión 7.6 es vulnerable a cross-site-scripting (XSS). Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la interfaz de usuario web, lo que altera la funcional... • http://www.securityfocus.com/bid/108912 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •